Exploit that gives remote access affects ~200 million cable modems (ars technica)

Post Syndicated from corbet original https://lwn.net/Articles/809447/rss

Ars technica reports
on the “Cable Haunt” vulnerability
that afflicts a large number of
cable modems. “The first and most straightforward way is to serve malicious JavaScript that causes the browser to connect to the modem. Normally, a mechanism called cross-origin resource sharing prevents a Web application from one origin (such as malicious.example.com) from working on a different origin (such as 192.168.100.1, the address used by most or all of the vulnerable modems).

Websockets, however, aren’t protected by CORS, as the mechanism is usually
called. As a result, the modems will accept the remote JavaScript, thereby
allowing attackers to reach the endpoint and serve it code.” Thus
far, there doesn’t seem to be any information out there on whether routers
running OpenWrt are vulnerable.